The new regex matching stuff rocks... except it's missing one thing

Ian Hobson ian at ianhobson.co.uk
Thu Mar 12 01:30:07 MSK 2009


mike wrote:
> The auth stuff doesn't support it.
>
> Any ideas on how to support dynamically populating the
> auth_basic_user_file? Is this a quick and dirty thing? That'd be
> awesome if it was.
>
>                location ~* ^/foo/private/(.*) {
>                        alias /home/foo/web/private/$1/;
>                        auth_basic "Restricted files";
>                        auth_basic_user_file /home/foo/web/private/$1/.htpasswd;
>                }
>
>
> 2009/03/11 16:16:39 [crit] 14097#0: *11 open()
> "/home/foo/web/private/$1/.htpasswd" failed (2: No such file or
> directory), client: 1.2.3.4, server: foo.com, request: "GET
> /foo/private/demo-video/ HTTP/1.1", host: "foo.com"
>   
I would have thought a new param, to list the users who were permitted 
to authenticate would be more flexible. That way, you have one password 
file, and only one password to change for a user who has access to 
multiple areas.

permit_user <list>;   and deny_user <list>;   perhaps.

And why risk having your password file in your web tree?

Regards

Ian





More information about the nginx mailing list